diff options
| -rw-r--r-- | .github/workflows/macos_test.yml | 2 | ||||
| -rw-r--r-- | ChangeLog | 57 | ||||
| -rw-r--r-- | apps/nc/compat/sys/socket.h | 3 | ||||
| -rw-r--r-- | appveyor.yml | 10 | ||||
| -rw-r--r-- | include/compat/sys/socket.h | 1 | ||||
| -rwxr-xr-x | scripts/test | 14 | ||||
| -rw-r--r-- | tests/CMakeLists.txt | 5 | ||||
| -rw-r--r-- | tests/Makefile.am | 5 |
8 files changed, 82 insertions, 15 deletions
diff --git a/.github/workflows/macos_test.yml b/.github/workflows/macos_test.yml index 29e6cdc..6e7adac 100644 --- a/.github/workflows/macos_test.yml +++ b/.github/workflows/macos_test.yml | |||
| @@ -6,7 +6,7 @@ jobs: | |||
| 6 | build-native: | 6 | build-native: |
| 7 | strategy: | 7 | strategy: |
| 8 | matrix: | 8 | matrix: |
| 9 | os: [macos-latest] | 9 | os: [macos-12, macos-11] |
| 10 | compiler: [clang, gcc] | 10 | compiler: [clang, gcc] |
| 11 | runs-on: ${{ matrix.os }} | 11 | runs-on: ${{ matrix.os }} |
| 12 | continue-on-error: false | 12 | continue-on-error: false |
| @@ -28,6 +28,63 @@ history is also available from Git. | |||
| 28 | 28 | ||
| 29 | LibreSSL Portable Release Notes: | 29 | LibreSSL Portable Release Notes: |
| 30 | 30 | ||
| 31 | 3.5.2 - Stable release | ||
| 32 | |||
| 33 | * Bug fixes | ||
| 34 | - Avoid single byte overread in asn1_parse2(). | ||
| 35 | - Allow name constraints with a leading dot. From Alex Wilson. | ||
| 36 | - Relax a check in x509_constraints_dirname() to allow prefixes. | ||
| 37 | From Alex Wilson. | ||
| 38 | - Fix NULL dereferences in openssl(1) cms option parsing. | ||
| 39 | - Do not zero the computed cofactor on ec_guess_cofactor() success. | ||
| 40 | - Bound cofactor in EC_GROUP_set_generator() to reduce the number of | ||
| 41 | bogus groups that can be described with nonsensical parameters. | ||
| 42 | - Avoid various potential segfaults in EVP_PKEY_CTX_free() in low | ||
| 43 | memory conditions. Reported for HMAC by Masaru Masuda. | ||
| 44 | - Plug leak in ASN1_TIME_adj_internal(). | ||
| 45 | - Avoid infinite loop for custom curves of order 1. | ||
| 46 | Issue reported by Hanno Boeck, comments by David Benjamin. | ||
| 47 | - Avoid an infinite loop on parsing DSA private keys by validating | ||
| 48 | that the provided parameters conform to FIPS 186-4. | ||
| 49 | Issue reported by Hanno Boeck, comments by David Benjamin. | ||
| 50 | * Compatibility improvements | ||
| 51 | - Allow non-standard name constraints of the form @domain.com. | ||
| 52 | * Internal improvements | ||
| 53 | - Limit OID text conversion to 64 bits per arc. | ||
| 54 | - Clean up and simplify memory BIO code. | ||
| 55 | - Reduce number of memmove() calls in memory BIOs. | ||
| 56 | - Factor out alert handling code in the legacy stack. | ||
| 57 | - Add sanity checks on p and q in old_dsa_priv_decode() | ||
| 58 | - Cache the SHA-512 hash instead of the SHA-1 for CRLs. | ||
| 59 | - Suppress various compiler warnings for old gcc versions. | ||
| 60 | - Remove free_cont from asn1_d2i_ex_primitive()/asn1_ex_c2i(). | ||
| 61 | - Rework ownership handling in x509_constraints_validate(). | ||
| 62 | - Rework ASN1_STRING_set(). | ||
| 63 | - Remove const from tls1_transcript_hash_value(). | ||
| 64 | - Clean up and simplify ssl3_renegotiate{,_check}(). | ||
| 65 | - Rewrite legacy TLS and DTLS unexpected handshake message handling. | ||
| 66 | - Simplify SSL_do_handshake(). | ||
| 67 | - Rewrite ASCII/text to ASN.1 object conversion. | ||
| 68 | - Provide t2i_ASN1_OBJECT_internal() and use it for OBJ_txt2obj(). | ||
| 69 | - Split armv7 and aarch64 code into separate locations. | ||
| 70 | - Rewrote openssl(1) ts to use the new option handling and cleaned | ||
| 71 | up the C code. | ||
| 72 | - Provide asn1_get_primitive(). | ||
| 73 | - Convert {c2i,d2i}_ASN1_OBJECT() to CBS. | ||
| 74 | - Remove the minimum record length checks from dtls1_read_bytes(). | ||
| 75 | - Clean up {dtls1,ssl3}_read_bytes(). | ||
| 76 | - Be more careful with embedded and terminating NULs in the new | ||
| 77 | name constraints code. | ||
| 78 | - Check EVP_Digest* return codes in openssl(1) ts | ||
| 79 | - Various minor code cleanup in openssl(1) pkcs12 | ||
| 80 | - Use calloc() in pkey_hmac_init(). | ||
| 81 | - Simplify priv_key handling in d2i_ECPrivateKey(). | ||
| 82 | * Documentation improvements | ||
| 83 | - Update d2i_ASN1_OBJECT(3) documentation to reflect reality after | ||
| 84 | refactoring and bug fixes. | ||
| 85 | - Fixed numerous minor grammar, spelling, wording, and punctuation | ||
| 86 | issues. | ||
| 87 | |||
| 31 | 3.5.1 - Security release | 88 | 3.5.1 - Security release |
| 32 | 89 | ||
| 33 | * A malicious certificate can cause an infinite loop. | 90 | * A malicious certificate can cause an infinite loop. |
diff --git a/apps/nc/compat/sys/socket.h b/apps/nc/compat/sys/socket.h index 13eb380..2c7ee4f 100644 --- a/apps/nc/compat/sys/socket.h +++ b/apps/nc/compat/sys/socket.h | |||
| @@ -6,8 +6,7 @@ | |||
| 6 | #ifndef _WIN32 | 6 | #ifndef _WIN32 |
| 7 | #include_next <sys/socket.h> | 7 | #include_next <sys/socket.h> |
| 8 | 8 | ||
| 9 | #if !defined(SOCK_NONBLOCK) || !defined(SOCK_CLOEXEC) | 9 | #if defined(NEED_SOCKET_FLAGS) |
| 10 | #define NEED_SOCKET_FLAGS | ||
| 11 | int _socket(int domain, int type, int protocol); | 10 | int _socket(int domain, int type, int protocol); |
| 12 | #ifndef SOCKET_FLAGS_PRIV | 11 | #ifndef SOCKET_FLAGS_PRIV |
| 13 | #define socket(d, t, p) _socket(d, t, p) | 12 | #define socket(d, t, p) _socket(d, t, p) |
diff --git a/appveyor.yml b/appveyor.yml index bdb8001..33a32da 100644 --- a/appveyor.yml +++ b/appveyor.yml | |||
| @@ -1,26 +1,26 @@ | |||
| 1 | image: | 1 | image: |
| 2 | - Previous Visual Studio 2019 | 2 | - Visual Studio 2019 |
| 3 | 3 | ||
| 4 | environment: | 4 | environment: |
| 5 | PATH: C:\msys64\usr\bin;C:\msys64\mingw64\bin;C:\Windows\System32;C:\Windows;%PATH% | 5 | PATH: C:\msys64\usr\bin;C:\msys64\mingw64\bin;C:\Windows\System32;C:\Windows;%PATH% |
| 6 | 6 | ||
| 7 | matrix: | 7 | matrix: |
| 8 | - APPVEYOR_BUILD_WORKER_IMAGE: Previous Visual Studio 2019 | 8 | - APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2019 |
| 9 | GENERATOR: Visual Studio 16 2019 | 9 | GENERATOR: Visual Studio 16 2019 |
| 10 | ARCHITECTURE: Win32 | 10 | ARCHITECTURE: Win32 |
| 11 | CONFIG: Release | 11 | CONFIG: Release |
| 12 | SHARED_LIBS: ON | 12 | SHARED_LIBS: ON |
| 13 | - APPVEYOR_BUILD_WORKER_IMAGE: Previous Visual Studio 2019 | 13 | - APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2019 |
| 14 | GENERATOR: Visual Studio 16 2019 | 14 | GENERATOR: Visual Studio 16 2019 |
| 15 | ARCHITECTURE: Win32 | 15 | ARCHITECTURE: Win32 |
| 16 | CONFIG: Release | 16 | CONFIG: Release |
| 17 | SHARED_LIBS: OFF | 17 | SHARED_LIBS: OFF |
| 18 | - APPVEYOR_BUILD_WORKER_IMAGE: Previous Visual Studio 2019 | 18 | - APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2019 |
| 19 | GENERATOR: Visual Studio 16 2019 | 19 | GENERATOR: Visual Studio 16 2019 |
| 20 | ARCHITECTURE: x64 | 20 | ARCHITECTURE: x64 |
| 21 | CONFIG: Release | 21 | CONFIG: Release |
| 22 | SHARED_LIBS: ON | 22 | SHARED_LIBS: ON |
| 23 | - APPVEYOR_BUILD_WORKER_IMAGE: Previous Visual Studio 2019 | 23 | - APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2019 |
| 24 | GENERATOR: Visual Studio 16 2019 | 24 | GENERATOR: Visual Studio 16 2019 |
| 25 | ARCHITECTURE: x64 | 25 | ARCHITECTURE: x64 |
| 26 | CONFIG: Release | 26 | CONFIG: Release |
diff --git a/include/compat/sys/socket.h b/include/compat/sys/socket.h index 10eb05f..2f0b197 100644 --- a/include/compat/sys/socket.h +++ b/include/compat/sys/socket.h | |||
| @@ -10,6 +10,7 @@ | |||
| 10 | #endif | 10 | #endif |
| 11 | 11 | ||
| 12 | #if !defined(SOCK_NONBLOCK) || !defined(SOCK_CLOEXEC) | 12 | #if !defined(SOCK_NONBLOCK) || !defined(SOCK_CLOEXEC) |
| 13 | #define NEED_SOCKET_FLAGS | ||
| 13 | #define SOCK_CLOEXEC 0x8000 /* set FD_CLOEXEC */ | 14 | #define SOCK_CLOEXEC 0x8000 /* set FD_CLOEXEC */ |
| 14 | #define SOCK_NONBLOCK 0x4000 /* set O_NONBLOCK */ | 15 | #define SOCK_NONBLOCK 0x4000 /* set O_NONBLOCK */ |
| 15 | int bsd_socketpair(int domain, int type, int protocol, int socket_vector[2]); | 16 | int bsd_socketpair(int domain, int type, int protocol, int socket_vector[2]); |
diff --git a/scripts/test b/scripts/test index 80fa988..f2f0cb8 100755 --- a/scripts/test +++ b/scripts/test | |||
| @@ -20,24 +20,24 @@ if [ "x$ARCH" = "xnative" ]; then | |||
| 20 | # test cmake and ninja | 20 | # test cmake and ninja |
| 21 | if [ `uname` = "Darwin" ]; then | 21 | if [ `uname` = "Darwin" ]; then |
| 22 | cmake .. | 22 | cmake .. |
| 23 | make | 23 | make -j 4 |
| 24 | make test | 24 | make test |
| 25 | 25 | ||
| 26 | cd ../build-shared | 26 | cd ../build-shared |
| 27 | cmake -DBUILD_SHARED_LIBS=ON .. | 27 | cmake -DBUILD_SHARED_LIBS=ON .. |
| 28 | make | 28 | make -j 4 |
| 29 | make test | 29 | make test |
| 30 | else | 30 | else |
| 31 | sudo apt-get update | 31 | sudo apt-get update |
| 32 | sudo apt-get install -y cmake ninja-build | 32 | sudo apt-get install -y cmake ninja-build |
| 33 | 33 | ||
| 34 | cmake -GNinja .. | 34 | cmake -GNinja .. |
| 35 | ninja | 35 | ninja -j 4 |
| 36 | ninja test | 36 | ninja test |
| 37 | 37 | ||
| 38 | cd ../build-shared | 38 | cd ../build-shared |
| 39 | cmake -GNinja -DBUILD_SHARED_LIBS=ON .. | 39 | cmake -GNinja -DBUILD_SHARED_LIBS=ON .. |
| 40 | ninja | 40 | ninja -j 4 |
| 41 | ninja test | 41 | ninja test |
| 42 | fi | 42 | fi |
| 43 | 43 | ||
| @@ -58,21 +58,21 @@ elif [ "x$ARCH" = "xmingw32" -o "x$ARCH" = "xmingw64" ]; then | |||
| 58 | fi | 58 | fi |
| 59 | 59 | ||
| 60 | ./configure --host=$CPU-w64-mingw32 | 60 | ./configure --host=$CPU-w64-mingw32 |
| 61 | make -j | 61 | make -j 4 |
| 62 | 62 | ||
| 63 | ( | 63 | ( |
| 64 | rm -fr build-static | 64 | rm -fr build-static |
| 65 | mkdir build-static | 65 | mkdir build-static |
| 66 | cd build-static | 66 | cd build-static |
| 67 | cmake -GNinja -DCMAKE_TOOLCHAIN_FILE=../scripts/$CPU-w64-mingw32.cmake .. | 67 | cmake -GNinja -DCMAKE_TOOLCHAIN_FILE=../scripts/$CPU-w64-mingw32.cmake .. |
| 68 | ninja | 68 | ninja -j 4 |
| 69 | ) | 69 | ) |
| 70 | ( | 70 | ( |
| 71 | rm -fr build-shared | 71 | rm -fr build-shared |
| 72 | mkdir build-shared | 72 | mkdir build-shared |
| 73 | cd build-shared | 73 | cd build-shared |
| 74 | cmake -GNinja -DCMAKE_TOOLCHAIN_FILE=../scripts/$CPU-w64-mingw32.cmake -DBUILD_SHARED_LIBS=ON .. | 74 | cmake -GNinja -DCMAKE_TOOLCHAIN_FILE=../scripts/$CPU-w64-mingw32.cmake -DBUILD_SHARED_LIBS=ON .. |
| 75 | ninja | 75 | ninja -j 4 |
| 76 | ) | 76 | ) |
| 77 | 77 | ||
| 78 | elif [ "x$ARCH" = "xarm32" -o "x$ARCH" = "xarm64" ]; then | 78 | elif [ "x$ARCH" = "xarm32" -o "x$ARCH" = "xarm64" ]; then |
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 7c80002..e6cb2bc 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt | |||
| @@ -341,6 +341,11 @@ add_executable(mont mont.c) | |||
| 341 | target_link_libraries(mont ${OPENSSL_TEST_LIBS}) | 341 | target_link_libraries(mont ${OPENSSL_TEST_LIBS}) |
| 342 | add_test(mont mont) | 342 | add_test(mont mont) |
| 343 | 343 | ||
| 344 | # objectstest | ||
| 345 | add_executable(objectstest objectstest.c) | ||
| 346 | target_link_libraries(objectstest ${OPENSSL_TEST_LIBS}) | ||
| 347 | add_test(objectstest objectstest) | ||
| 348 | |||
| 344 | # ocsp_test | 349 | # ocsp_test |
| 345 | if(ENABLE_EXTRATESTS) | 350 | if(ENABLE_EXTRATESTS) |
| 346 | add_executable(ocsp_test ocsp_test.c) | 351 | add_executable(ocsp_test ocsp_test.c) |
diff --git a/tests/Makefile.am b/tests/Makefile.am index e58c0c0..6c88c90 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am | |||
| @@ -354,6 +354,11 @@ TESTS += mont | |||
| 354 | check_PROGRAMS += mont | 354 | check_PROGRAMS += mont |
| 355 | mont_SOURCES = mont.c | 355 | mont_SOURCES = mont.c |
| 356 | 356 | ||
| 357 | # objectstest | ||
| 358 | TESTS += objectstest | ||
| 359 | check_PROGRAMS += objectstest | ||
| 360 | objectstest_SOURCES = objectstest.c | ||
| 361 | |||
| 357 | # ocsp_test | 362 | # ocsp_test |
| 358 | if ENABLE_EXTRATESTS | 363 | if ENABLE_EXTRATESTS |
| 359 | TESTS += ocsptest.sh | 364 | TESTS += ocsptest.sh |